php-curl request returns denied

Question

I'm currently trying to fetch some data with a curl request from this link. Doing this returns the following:

"HTTP/2 403 server: AkamaiGHost mime-version: 1.0 content-type: text/html content-length: 293 expires: Sun, 11 Aug 2019 08:34:24 GMT date: Sun, 11 Aug 2019 08:34:24 GMT

Access Denied

You don't have permission to access "http://www.g2a.com/lucene/search/filter?" on this server.

Reference #18.9d0c1502.1565512464.22e1446"

I know that curl works fine because it works with other requests, it's just this one that gets denied. Also, opening the link with a browser doesn't show the "Access Denied" error but actually returns the data I need.

This is the curl request copy-pasted from the code:

try{
    //  initiate curl (used to request data from other webpages)
    $ch = curl_init();
    // will return the response, if false it prints the response
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    // set the url, eliminates headers from response
    curl_setopt($ch, CURLOPT_URL, $g2a);
    curl_setopt($ch, CURLOPT_HEADER, true); 
    // execute
    $result=curl_exec($ch);

    //if some error occurs
    if (!$result)
        throw new Exception(curl_error($ch), curl_errno($ch));

    // Closing
    curl_close($ch);
} catch(Exception $e) {
    trigger_error(sprintf('Curl failed with error #%d: %s', $e->getCode(), $e->getMessage()), E_USER_ERROR);
}
var_dump($result);
//converts json to associative array
$result=json_decode($result, true);

Any ideas on what could be the problem?

You have to do special things to perform a HTTPS cURL request. Especially the `CURLOPT_SSL_VERIFYPEER` option. See: https://stackoverflow.com/a/4372730/3986005 — KIKO Software, Aug 11 '19 at 08:51
Something along the line of https://www.g2a.com/lucene/search/filter?&search=Baba+is+you&currency=eur&cc=EUR — texdade, Aug 11 '19 at 09:22

score 1 · Accepted Answer · answered Aug 11 '19 at 09:56

If you want to use SSL with CURL you should down a root certificate from: https://curl.haxx.se/docs/caextract.html

Just download the cacert.pm with the link on the top of the content.. and tell which certificate to use when connecting to SSL. This sets an approiate connection (an actually secure connection opposed to use ssl_verifyer to false...)

My qualified guess is that the server you're connecting to do probably not set any incoming requests as valid (through something called CORS (Access-Control-Allow-Origin)). If you want connect from www.yourdomain.com then they would have to set up that www.yourdomain.com is valid for incoming requests.

I've tested other domains that the code below works with, so you would have to talk to the owners of g2a.com to handle this issue (it's a server issue, not only a code issue)

<?php
$g2a = 'https://www.g2a.com';

//Tell cURL where our certificate bundle is located.

//an absolute path to your downloaded pem-file:
$certificate = "C:\wamp\www\stackoverflow\cacert.pem"; 

try{
    //  initiate curl (used to request data from other webpages)
    $ch = curl_init();
    // will return the response, if false it prints the response
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_CAINFO, $certificate);
    curl_setopt($ch, CURLOPT_CAPATH, $certificate);

    // set the url, eliminates headers from response
    curl_setopt($ch, CURLOPT_URL, ($g2a) );
    curl_setopt($ch, CURLOPT_HEADER, true); 
    // execute
    $result=curl_exec($ch);

    //if some error occurs
    if (!$result)
        throw new Exception(curl_error($ch), curl_errno($ch));

    // Closing
    curl_close($ch);
    } catch(Exception $e) {
        trigger_error(sprintf('Curl failed with error #%d: %s', $e->getCode(), $e- 
        >getMessage()), E_USER_ERROR);
}
var_dump($result);

//converts json to associative array
$result=json_decode($result, true);

Hi, the cacert.pem is already set because I was having trouble making a curl to another https domain (which works, so I don't think that the problem lies within the SSL connection). Does CORS apply only to the curl request (in this case) and not to the user-made browser one? Thanks! — texdade, Aug 11 '19 at 10:21
CORS apply to anyone that want to make a request from another server. If you do the request yourself in the browser (typing the link directly into browser) no CORS are applied. — bestprogrammerintheworld, Aug 11 '19 at 11:35

score 0 · Answer 2 · answered Aug 11 '19 at 08:57

0

Access the HTTPS URL directly:

$g2a = "https://www.g2a.com/lucene/search/filter";

there is no auth.

answered Aug 11 '19 at 08:57

Martin Zeitler

1
19
155
216

Hi, I don't get what you saying. The full link I use in the curl request is "https://www.g2a.com/lucene/search/filter?&search=Baba+is+you&currency=eur&cc=EUR" – texdade Aug 11 '19 at 09:08

php-curl request returns denied

2 Answers2